1. Technical Field
The present invention relates generally to enhancing the security of computer networks. Specifically, client machines and other devices connected to a computer network gather data that is used to identify security threats, then transport this data to another computer system where it is analyzed.
2. Description of the Related Art
Securing computer networks from viruses, Trojan horses, access by unauthorized users, and the like continues to be an ongoing project for network administrators and others involved with maintaining computer networks. Many software programs and hardware devices have been and are being developed whose sole purpose is to prevent breaches of a network's security system. However, those who would like to gain unauthorized access to computer networks or launch viruses or denial of service attacks (collectively "hackers") continue to develop programs and processes for overcoming these security advancements.
One of the many problems faced by those who would like to thwart the hackers' efforts is that computer networks are becoming larger and more distributed. Another problem is that with the rise of the Internet, these computer networks are exchanging more and more data with other networks and entities. This combination can create many "entry points" into a network. While it is possible to identify and defend these possible entry points, hackers have learned that they can spread their attack across several of these points, thus minimizing the chances that their presence will be detected at any one point.
Thus, there exists a need for a network security system designed to cover all of these potential entry points into a network. Also, this security system should be coordinated so that suspicious activity at one entry point can be correlated with similar activity at other points. This correlation should allow a network administrator to identify attacks that may go undetected at a single point, but can be identified when the network is examined as a whole.
Generally, the present invention is a method and apparatus for monitoring a computer network. When characterized as a method, the present invention initially obtains data from a log file associated with a device connected to the computer network. Next, individual items of data within the log file are tagged with XML codes, thereby forming an XML message. The device then forms a control header. Afterwards, the control header is appended to the XML message and sent to a collection server. Finally, the XML message is analyzed, thereby allowing the computer network to be monitored.
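The method just described, carried through as an added example rather than the specification's own code: a device side that tags each log field with an XML element and prepends a control header, and a collection-server side that strips the header, checks it, parses the message, and correlates one event across every device so that activity spread over several entry points is counted as a whole. The log format, the "KEY=value;..." header layout and the sample log lines are constructed assumptions, not taken from the patent.

```python
import re
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed sample log, hypothetical format "<timestamp> <source-ip> <event>".
SAMPLE_LOG = """\
2024-01-01T10:00:00Z 203.0.113.5 login_failed
2024-01-01T10:00:03Z 203.0.113.5 login_failed
2024-01-01T10:00:09Z 198.51.100.7 login_ok
"""
LOG_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<src>\S+)\s+(?P<event>\S+)$")

def log_to_xml(device_id, log_text):
    """Tag each field of each log line with an XML element (one message per device)."""
    root = ET.Element("log", device=device_id)
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip a malformed line instead of dropping the whole batch
        entry = ET.SubElement(root, "entry")
        for field, value in m.groupdict().items():
            ET.SubElement(entry, field).text = value
    return ET.tostring(root, encoding="unicode")

def build_message(device_id, log_text):
    """Prepend a control header (hypothetical 'KEY=value;...' line) to the XML message."""
    xml = log_to_xml(device_id, log_text)
    return f"DEVICE={device_id};LEN={len(xml.encode())}\n" + xml

def parse_message(message):
    """Collection-server side: split off the header, check the length, parse the XML."""
    header, body = message.split("\n", 1)
    fields = dict(kv.split("=", 1) for kv in header.split(";"))
    if int(fields["LEN"]) != len(body.encode()):
        raise ValueError("length mismatch: truncated or altered message")
    entries = [{c.tag: c.text for c in e} for e in ET.fromstring(body).findall("entry")]
    return fields["DEVICE"], entries

def correlate(messages, event="login_failed"):
    """Count an event per source across every device, so activity spread over
    several entry points shows up as one total rather than a small count per device."""
    totals = Counter()
    for msg in messages:
        _device, entries = parse_message(msg)
        totals.update(e["src"] for e in entries if e["event"] == event)
    return dict(totals)
```

The length field in the header is what lets the collection server reject a message that was cut off in transit before it tries to parse the XML.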